As the farming sector becomes more high tech, cyber criminals are targeting farms of all sizes.  Andrew Dell, NAB’s Chief Information Security Officer, and Greg Spencer, Senior Partner at Beyond Technology, explain how attacks can occur and suggest strategies for protecting your livelihood.

Technology is helping farmers to become more productive and profitable – but it can also make them vulnerable to cybercrime.

Recently the FBI alerted the American food and agricultural sector to the fact that cyber criminals might target information gathered as part of their precision agriculture or smart farming processes*. This intellectual property could be very useful to competitors at home and overseas.

The risk isn’t limited to the United States. “Australian farmers shouldn’t underestimate the value of their business data, especially given the importance of our agricultural export industry,” says Andrew Dell, NAB’s Chief Information Security Officer.

Supply chains can also be vulnerable to attack. “These days, most farmers deal electronically with their suppliers and their customers,” says Greg Spencer, Senior Partner at Beyond Technology Consulting.

“A lot of data is being exchanged which is critical to the functioning of the operation – and critical data can be leveraged by criminals for profit. Farmers could also be at a disadvantage in the negotiation process if a customer, supplier or competitor has access to their business information.”

Data held to ransom

Some cyber criminals attempt to blackmail business owners by locking them out of their own systems or taking over control. They then promise to restore access once a ransom has been paid.

Many larger enterprises are now using supervisory control and data acquisition (SCADA) systems, which use coded signals over communication channels to allow users to monitor and control systems such as irrigation remotely. “Criminals know they have potential to cause chaos by hacking into systems like these, so their demands are likely to be high,” says Spencer.

But not every attack is on this scale. “All farmers should be aware of the role computer security can play in protecting their livelihood,” says Dell. “Criminals want to make a quick buck – and, unfortunately, anyone with a computer and bank account will do.

“One approach is to send a legitimate-looking email that asks you to click on a link or open an attachment. This triggers a download of malware that locks you out of all of your files. A ransom note then pops up on your screen, demanding money to unlock them.”

How to protect your agribusiness

Basic cyber protection doesn’t have to be expensive. Andrew Dell suggests starting with five simple steps.

1. Back up your business data on a regular basis. This could be as simple as copying it on to a USB stick and stashing it somewhere safe. Test to make sure your backups are working.
2. If possible, have one computer for general family use and one that is strictly for business. When a computer is used for social media, playing games, watching videos and downloading music it’s much more likely that someone will unwittingly click on a suspicious link or allow malicious software to be installed.
3. Check emails carefully (look at the sender address, ensure the request looks valid, is the email expected?) before responding to them. Some common scam emails look as if they come from Australia Post, the Australian Tax Office, the Australian Federal Police or an energy company.
4. Install anti-virus software on your computers and use an up-to-date operating system – but remember these are not foolproof. Malware may be sent to your computer before the anti-virus companies are aware of it.
5. Remember that your business relies on other people’s computers as well as your own. Don’t be afraid to ask your accountant, bookkeeper or business manager about their online security practices.

If you’ve made a substantial investment in technology, Spencer recommends talking to an impartial advisor.

“People who sell the equipment might downplay the risks while people who sell cyber security might recommend more protection than is strictly necessary. No-one can guarantee that you won’t be hacked – we regularly read about breaches of security in companies that spend hundreds of thousands of dollars a year on protection,” he says.

“But, like regular thieves, the majority of cyber criminals are opportunists. In most cases, all you need to do is convince them they should move on to an easier target. An advisor can help you to assess the scale of the risk, the most cost-effective way of mitigating it, and also the best course of action to take if you should be the victim of an attack.”

For further information

Managing the threat of a cyber attack is a vital part of running any business in this new digital age. If you are looking for more information about how to protect your business from such threats, visit these sites.

•  For easy to understand computer security advice for home use and SME business, visit staysmartonline.gov.au
• To see the latest scams, or to report a scam, visit scamwatch.gov.au

The Australian Cybercrime Online Reporting Network (ACORN) is a secure reporting and referral service for cybercrime and online incidents that may be in breach of Australian law. Certain reports will be directed to Australian law enforcement and government agencies for further investigation. report.acorn.gov.au

* Federal Bureau of Investigation Cyber Division March 16 2016

More from NAB:

• How to protect your business from cyber attacks
• NAB Security Centre